postfix: Support setting options for policyd-spf

Author: griff

default.nix

@@ -454,6 +454,18 @@ in
       '';
     };
 
+    policydSPFExtraConfig = mkOption {
+      type = types.lines;
+      default = "";
+      example = ''
+        skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1
+      '';
+      description = ''
+        Extra configuration options for policyd-spf. This can be use to among
+        other things skip spf checking for some IP addresses.
+      '';
+    };
+
     monitoring = {
       enable = mkEnableOption "monitoring via monit";
 

mail-server/postfix.nix

@@ -98,17 +98,9 @@ let
    (lib.optional cfg.dkimSigning "unix:/run/opendkim/opendkim.sock")
    ++ [ "unix:/run/rspamd/rspamd-milter.sock" ];
 
-  policyd-spf = pkgs.writeText "policyd-spf.conf" (''
-    TestOnly = 1
-
-    HELO_reject = Fail
-    Mail_From_reject = Fail
-
-    PermError_reject = False
-    TempError_Defer = False
-
-    skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1
-  '' + (lib.optionalString cfg.debug ''
+  policyd-spf = pkgs.writeText "policyd-spf.conf" (
+    cfg.policydExtraConfig
+    + (lib.optionalString cfg.debug ''
     debugLevel = 4
   ''));
 in